With ClearPass Onboard, guests and employees simply selfregister for secure network access and onboard their devices as part of the Aruba ClearPass BYOD framework. Centrally defined and managed from the ClearPass Policy Manager platform, users are first redirected to a guest or device registration captive portal.

Then ClearPass Onboard automatically detects the device operating system and other characteristics to present the user with the appropriate configuration package. The result is a streamlined method for applying wired, wireless and VPN settings, and an easy-to-manage process for delivering and revoking unique device credentials.

ClearPass Onboard offers the enterprise-class onboarding capabilities that automate the deployment of 802.1X network access. The onboarding of 10,000 devices is easily managed by directing users to a desired captive portal that resides within the ClearPass platform.

Specifications are provided by the manufacturer. Refer to the manufacturer for an explanation
of the print speed and other ratings.

Header

Brand:

Aruba

Compatibility:

Mac , PC , Unix

Manufacturer:

Aruba

Model:

Policy Manager Onboard

Packaged Quantity:

1

Product Line:

Aruba ClearPass

Software

License Category:

License

License Qty:

1000 endpoints

License Type:

License

System Requirements

Platform:

Linux , MacOS , Windows

General

Category:

Networking applications

Subcategory:

Network - connectivity & data sharing

Product Reviews

Rated 3.9 out of 5 by 12reviewers.

Rated 4 out of 5 by WiFiSuperman The features work in concert to provide secure on-boarding for guests and bring-your-own-device users. A more streamlined setup and more in-depth tutorials would be helpful. Valuable Features:All of the features work in concert to provide secure on-boarding for guests and bring-your-own-device users.Improvements to My Organization:I implement this for other companies and they all greatly benefit. It's worked well in many sectors, such healthcare, financial, corporate, and transportation.Room for Improvement:Helping streamline the setup and more in-depth tutorials would be helpful. The product is very complex and therefore the more info and tools that are available the better.Use of Solution:I've been using it for three years.Stability Issues:I feel the product is stable.Scalability Issues:I feel the product is scalable.Customer Service:Customer service is top notch.Technical Support:Very tchnical. The techs always help until resolution and will escalate quickly when you ask.Previous Solutions:It's the first AAA security product of its kind.Initial Setup:Whether the setup is straightforward or complex will depend on how you need to apply the product. It can be streamlined or be quite intricate.Implementation Team:I am the consultant who installs this for end-users.Cost and Licensing Advice:It may be a little expensive or complex for very small clients.Other Advice:It's very powerful, but the individual needs to have a lot of knowledge across several IT disciplines.Disclaimer: I am a real user, and this review is based on my own experience and opinions. May 4, 2016

Rated 4 out of 5 by Brad Arsenault Reliable solution for our guest network access as well as mobile device registration. Valuable Features:It's a reliable solution for our guest network access as well as mobile device registration.Improvements to My Organization:The key functionality we're using is Active Directory in unison with device authentication, so every 45 days a user has to log in their password on their mobile phone so that you can use WiFi services in the office. We're going to be looking at ClearPass to do device authentication, which means the users will only have to register the device once and never have to re-enter the password again.Room for Improvement:It was a complex solution to set up because of its newness. We needed a third-party implementor to help us.Use of Solution:It's a brand new installation for us, and we've only had it for a month.Deployment Issues:So far, we haven't had any issues with deployment.Stability Issues:From what we've seen it's been pretty stable.Scalability Issues:Right now, it's scaled. We're using it for guest internet services and it seems to be working pretty well. Our next phase with that would be to roll in for device registration as we roll out to our mobile device strategy.Customer Service:10/10 for HP and 8/10 for the third-party.Technical Support:We haven't really run into any support issues yet. On the integration side, there's obviously some expertise with the vendor, which is going to help us take care of some issues in the future, but it hasn't really been a difficult product to support.Previous Solutions:We decommissioned other options. We had another, but we've since decoupled it and are now using ClearPass to do that.Initial Setup:Because of its newness it was complex, but the end result was pretty straightforward.Implementation Team:We did need a third party to come in and help us do the implementation. We had some initial help from an HP engineer on the Aruba side who spent some time with us, showing us an evaluation version of it, but when we went into production we had to get a third party to help us.ROI:We're not really calculating ROI for the service. It's a necessary service delivered by IT to the corporation.Cost and Licensing Advice:We're currently doing an entire refresh of our access point network, which is approximately 80 access points across the country. We've recently acquired all new hardware. We're refreshing the entire footprint.Other Solutions Considered:Because Aruba was our primary vendor for our access points, it just made more sense for us to try to consolidate more services towards the new strategy.Other Advice:It's only providing a very small service to us right now. It's not like we're looking at ClearPass on a very full-blown basis. My advice would be to just make sure to do a proper spectrum analysis, and each of your properties are areas that you intend to put WiFi, because it will be critical to where you put APs and how closely you put them together.Disclaimer: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. April 14, 2016

Rated 4 out of 5 by Thomas Farren This product has provided us a tool to create authentication requirements that users have to meet in order to perform 802.1x authentication. Valuable Features:The most valuable feature for us is its ability to provide clear authentication mechanisms to support multiple authentication requirements.Improvements to My Organization:This product has provided us a tool to create authentication requirements that users have to meet in order to perform 802.1x authentication.Room for Improvement:The update process is very intense and I believe Aruba should find a way to make this process smoother and easier to administer.Use of Solution:I've used it for two years.Deployment Issues:We have not run into issues with the deployment.Stability Issues:We have not run into issues with the stability.Scalability Issues:We have not run into issues with the scalabilityInitial Setup:It was hard at first because I didn’t have any training and was trying to figure out the best way for us to use this product with deploying 802.1x.Implementation Team:It was originally put in with a vendor team and was only set up for access to the appliances.ROI:Our ROI has been good and solid.Cost and Licensing Advice:The pricing/licensing is very competitive with other products out there.Other Solutions Considered:We chose this product because we are using Aruba in other areas today.Other Advice:Make sure you take a look at all the types of authentication you want to do and evaluate if you have enough appliances to handle the load. Keep in mind resiliency for failover as well.Disclaimer: I am a real user, and this review is based on my own experience and opinions. February 2, 2016

Rated 4 out of 5 by Brian Higdon The feature that I use the most is the Access Tracker. It displays all relevant information of each authentication request and troubleshooting is a breeze on how the data is displayed. Valuable Features:A major feature that I deploy and all my customers enjoy is the On-boarding function. Once properly set-up, it is very easy to configure and maintain all on boarded devices and users associated with those devices.The feature that I use the most is the Access Tracker. It displays all relevant information of each authentication request and troubleshooting is a breeze on how the data is displayed.Improvements to My Organization:I have deployed ClearPass in a number of organizations that have been using any number of outdated and obsolete security protocols for their wireless security from WEP and PSKs to MAC based authentication and global user names and passwords. Deploying ClearPass allowed these organizations to move from weak security protocols to industry standard security protocols.Room for Improvement:Every deployment of ClearPass I have run into a bug or a feature that is not as user friendly as it could be. This can be easily improved upon by providing documentation and guides of proper syntax inputs. I have gotten around these issues by purely trial and error.Use of Solution:I have used ClearPass for the past five years and have deployed all the features that ClearPass has to offer. I have deployed it in school districts, hospitals, government agencies and all major industry verticals.Deployment Issues:It is not as user-friendly and intuitive when first using it as it takes some time to know were everything is.Stability Issues:I have deployed Clearpass in environments that require over 500,000 authentications per day and have not had any issues.Scalability Issues:I have deployed Clearpass in environments that require over 500,000 authentications per day and have not had any issuesTechnical Support:For 90% of troubleshooting and basic configuration the Technical Assistance Center has always been very good, once the issue becomes a unique case specific to the customer that’s when resolving issues may take longer the three hours. Overall, Aruba Networks is really good in supporting ClearPass.Initial Setup:The basic network set-up is straightforward to get it on the network. Activating the licenses and getting the subscription key for ClearPass is a bulky and compression process with very little guidance or documentation. If there is an issue with the license, the only solution to almost always call Aruba tech support. Once the licenses are sorted out an upgrade needs to happen and the size of the update is 1.4Gb or more and based on the customers network, may take a long time. Finally, after ClearPass is on-line and fully updated, the configuration and basic troubleshooting is pretty straightforward. If it’s the first time someone is looking at it there is defiantly a learning curve.Implementation Team:I am the system integrator if it would be done in-house. If the person that is deploying ClearPass has experience with radius servers, deploying it would take three to six times longer than to hire a system integrator. Unless the in-house IT team has the time and resources to learn to deploy and troubleshoot ClearPass out of the box, then I definitely recommend getting a systems integrator. They would know how the system works, what questions to ask and troubleshooting techniques.ROI:There are a lot of questions need to be answered before answering the real ROI question correctly, the biggest questions are how secure is your current network? Does it meet the industry security standards? Can you afford to have your network infiltrated or have loss of data? And can you afford to lose data? If not then pricing and licensing can be worked out.Cost and Licensing Advice:Before you buy licensing know how and way you are using clearpass. I cant count how many times a customer has perched the wrong license or to many or not enough.Other Advice:It can easily handle all types of authentication methods and has a large amount of flexibility, which can cover all scenarios. However it is lacking in third party integrations and little to no documentation on customization. Aruba assumes that you have working knowledge of their CSS tags, JavaScript, REST API integration and others.If you are looking for a NAC solution ClearPass is one of the best all in one solution it covers all authentication methods and has a large flexibility that can be easily customized to fit any scenario in any industry vertical.Disclaimer: My company has a business relationship with this vendor other than being a customer:We are currently a sliver partner with Aruba Networks February 2, 2016

Rated 4 out of 5 by Prashant Harnal The two most valuable features for us are ClearPass guest and policy manager. Valuable Features:The two most valuable features for us are ClearPass guest and policy manager.Improvements to My Organization:It keeps your organization secure in many ways, has easy guest logins, tons of options to customize the portal page, and many other useful enterprise-level features.Automated guest account creation and the customizable captive portal has reduced the burden of the receptionist generating a token for guest access. It supports multiple authentication methods and the access tracker makes admin life easy for troubleshooting.ClearPass onboard reduces the IT admin burden as well.Room for Improvement:ClearPass Insight needs to be worked on. The functionality is not quite there yet.Also, add-on licenses are expensive.Use of Solution:I've used it for one year.Deployment Issues:There were no issues with deployment.Stability Issues:There have been no issues with stability.Scalability Issues:There have been no issues with scaling it.Customer Service:Aruba has one of the best support teams amongst all the vendors.Technical Support:Technical support is the best.Previous Solutions:There was no solution in place previously.Initial Setup:It was a little complex to set up. Following the installation guide makes the initial setup easy.Implementation Team:We implemented it in-house.But if you do use a vendor, make sure your implementation partner is aware of all CleaPass features. Otherwise, it will be tough. Since ClearPass is a mix of AAA, NAC, Guest Module, Onguard, Profiling, and On-Boarding, make sure your partner is an expert in ClearPass.ROI:The VM version is good for the cost, but add-on licenses are costly.Cost and Licensing Advice:The VM version is good for the cost, but add-on licenses are costly.Other Solutions Considered:We also looked at Cisco ISE.Disclaimer: My company has a business relationship with this vendor other than being a customer:We are Aruba channel partners. February 2, 2016

Rated 4 out of 5 by Ryan Withrow It has a customizable captive portal for quick and easy BYOD access for students. Valuable Features:* 802.1x quick, easy, and secure wireless access for our staff machines* Customizable captive portal for quick and easy BYOD access for students* Quick and easy ability to allow guests to use the wireless networkImprovements to My Organization:Bringing mobile devices on to the network has been simplified and secured at the same time.Room for Improvement:Installation can be time-consuming, so Hire an Aruba consultant to do the install and save yourself a lot of time. There will be plenty of time for you to learn the product later. Plus, the consultant can pass on some valuable information during the process.Use of Solution:I've used it for two years.Deployment Issues:There were no issues with the deployment.Stability Issues:There have been no issues with the stability.Scalability Issues:There have been no issues with the scalability.Technical Support:Aruba Support is fast and accurate. I never have problems getting someone on the line that can find a resolution the problem we are having.Initial Setup:The initial set-up was straightforward.Implementation Team:We had a vendor team on site which helped accelerate the process.Disclaimer: I am a real user, and this review is based on my own experience and opinions. February 2, 2016

Rated 3 out of 5 by Kyle Turford The interface is a little confusing as is setting up some of the options but this is partially due to the flexibility of the product. There are wizards available to create policy which is helpful. Valuable Features:Before ClearPass we were using the native captive-portal on our Wi-Fi controllers (Aruba) to authenticate users but this was causing httpd daemons to overload the CPU on the controllers. This situation created a denial of service condition on the Wi-Fi which was a major call driver for us.Improvements to My Organization:Before ClearPass we were using the native captive-portal on our Wi-Fi controllers (Aruba) to authenticate users but this was causing httpd daemons to overload the CPU on the controllers. This situation created a denial of service condition on the Wi-Fi which was a major call driver for us.Room for Improvement:Ability to drill down on items like “System CPU Utilization” or “Device Family” stats from the dashboard. As of right now you need to pick up to 5 items listed on the Dashboard but they seem to be static.The interface is a little confusing as is setting up some of the options but this is partially due to the flexibility of the product. There are wizards available to create policy which is helpful. We’re primarily using it for RADIUS based AAA for 802.1x Wireless.Use of Solution:One and a half years primarily using the Policy Manager module, and one year using the Guest module. No Onboarding use as of yet.Deployment Issues:MS AD integration was a bit of a problem at the beginning until our SE realized that the ClearPass servers need to be joined to the domain before AD lookups can be done.Stability Issues:I haven't experienced any issues.Scalability Issues:I haven't experienced any issues.Technical Support:Mixed – our current SE does not seem to have much knowledge about configuration of ClearPass and I have been referred to their “ClearPass Expert” on a couple of occasions but I have yet to speak to him/her. Aruba TAC has been able to help the few times I’ve called.Previous Solutions:Our existing wireless infrastructure is Aruba so it made sense to use their solution for AAA. We did a trial with Win Server 2012 RADIUS and that worked as well, however it does not offer as many options as ClearPass does.Initial Setup:Initial setup was fairly straightforward following the “Start Here” wizard. Our only real “snag” was the Active Directory integration, but that was remedied by our SE.ROI:The licensing model wasn’t explained terribly well to us so we vastly under-purchased. This has unfortunately caused us a bit of trouble over the last year. The licensing numbers are based on unique connected authenticating endpoints per day, averaged over 7 days. When we purchased the product we were under the impression that the licensed nodes were concurrent devices, of which we typically see 8000+ in the middle of the day. Our licensing ended up being 19000+ unique devices and we’ve had to put together a cluster of 4 Clearpass nodes to accommodate this.Cost and Licensing Advice:The licensing model wasn't explained terribly well to us so we vastly under-purchased. This has unfortunately caused us a bit of trouble over the last year. The licensing numbers are based on unique connected authenticating endpoints per day, averaged over 7 days. When we purchased the product we were under the impression that the licensed nodes were concurrent devices, of which we typically see 8000+ in the middle of the day. Our licensing ended up being 19000+ unique devices and we’ve had to put together a cluster of 4 ClearPass nodes to accommodate this.Other Advice:Tread carefully when estimating the number of unique device nodes for licensing. If using Active Directory for MSCHAPv2 authentication make sure that you add Clearpass to the Windows Domain.Disclaimer: I am a real user, and this review is based on my own experience and opinions. January 18, 2016

Rated 4 out of 5 by SrNwkAdministrator418 It helps us to ensure all sites are compliant with a unified set of standards passed down from our corporate headquarters. Valuable Features:The most valuable feature for us it the granular, logic-based nesting of objects which gives highly customizable control over AAA for TACACS+ and RADIUS.Device profiling for basic/intermediate NAC is also highly useful.Improvements to My Organization:Providing granular control over which devices are permitted to join our corporate wireless network, as well as in-depth AAA (accounting, in particular) for TACACS+ sessions, is huge. We can refer back to these logs at any time, which are especially useful when we undergo organization-wide audits.Having a global business presence, CPPM helps us to ensure all sites are compliant with a unified set of standards passed down from our corporate headquarters.Room for Improvement:* I'd like to see greater ability to customize backups – locations, transfer protocols (SCP/SFTP, etc).* Small tweaks like scroll bar distances within large Enforcement Policies. More customization for SNMP traps (types), a well as published MIB files so that we can utilize our network monitoring environment more heavily with polling specific aspects of CPPM.* Hardware requirements for VM templates we use (CP-VA-5K) are, quite frankly, absurd (very high disk storage requirements).Use of Solution:I've used it for just over three years.Deployment Issues:I don't recall any issues with deployment.Stability Issues:I don't recall any issues with stability.Scalability Issues:I don't recall any issues with scalability.Technical Support:Technical support was not all that great, actually. They are responsive, but oftentimes are VERY reluctant to initiate a screen-sharing session or give in-depth answers. URL links to knowledge-base articles are very typical for initial answers, which (1) slows resolution, and (2) increases frustration.It seems, in general, that technical support is more interested in closing new cases than they are in actually solving the root issues. 90% of the questions I’ve had I’ve had solved (for free, mind you, without any maintenance fees) using Aruba’s Airheads online user-based forums.Initial Setup:The solution was implemented before I gained ownership of it. I'm not sure of the history behind it.Implementation Team:A local vendor was used.Other Advice:Do your due-diligence in understanding how the product works before you deploy. CPPM (and many like it – Cisco ISE and ACS) are very complex in the way they are configured and operate.If you can design the solution before implementation, you have a much better chance of scaling well, easily, and with little down-time as you grow the product throughout its life cycle in your organization.Disclaimer: I am a real user, and this review is based on my own experience and opinions. December 31, 2015